Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
  • Issues 739
    • Issues 739
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 326
    • Merge requests 326
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpinealpine
  • aportsaports
  • Issues
  • #10955
Closed
Open
Issue created Nov 14, 2019 by Casey Peel@cpeel

CVE-2019-18218 number is incorrect in main/file/APKBUILD

When CVE-2019-18218 was fixed in #10911 (closed) the CVE number added in main/file/APKBUILD is wrong by a digit (9 instead of 8):

 # secfixes:
+#   5.36-r1:
+#     - CVE-2019-19218
 #   5.36-r0:
 #   - CVE-2019-8904
 #   - CVE-2019-8905

CVE-2019-19218 does not exist.

This is bad because those are used to create automated vulnerability databases like alpine-secdb and vuln-list which alert users to a nonexistent CVE. We found it because Clair started flagging our alpine containers as having this CVE which we couldn't find in the CVE database.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking